O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Python Penetration Testing Essentials - Second Edition

Book Description

This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1.

About This Book
  • Detect and avoid various attack types that put the privacy of a system at risk
  • Leverage Python to build efficient code and eventually build a robust environment
  • Learn about securing wireless applications and information gathering on a web server
Who This Book Is For

If you are a Python programmer, a security researcher, or an ethical hacker and are interested in penetration testing with the help of Python, then this book is for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.

What You Will Learn
  • The basics of network pentesting including network scanning and sniffing
  • Wireless, wired attacks, and building traps for attack and torrent detection
  • Web server footprinting and web application attacks, including the XSS and SQL injection attack
  • Wireless frames and how to obtain information such as SSID, BSSID, and the channel number from a wireless frame using a Python script
  • The importance of web server signatures, email gathering, and why knowing the server signature is the first step in hacking
In Detail

This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples.

We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking—such as parameter tampering, DDoS, XSS, and SQL injection.

By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.

Style and approach

The book starts at a basic level and moves to a higher level of network and web security. The execution and performance of code are both taken into account.

Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Python Penetration Testing Essentials Second Edition
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Code in Action
      4. Conventions used
    4. Get in touch
      1. Reviews
  6. Python with Penetration Testing and Networking
    1. Introducing the scope of pentesting
      1. The need for pentesting
      2. Components to be tested
      3. Qualities of a good pentester
      4. Defining the scope of pentesting
    2. Approaches to pentesting
    3. Introducing Python scripting
    4. Understanding the tests and tools you'll need
    5. Learning the common testing platforms with Python
    6. Network sockets
      1. Server socket methods
      2. Client socket methods
      3. General socket methods
      4. Moving on to the practical
        1. Socket exceptions
        2. Useful socket methods
    7. Summary
  7. Scanning Pentesting
    1. How to check live systems in a network and the concept of a live system
      1. Ping sweep
      2. The TCP scan concept and its implementation using a Python script
      3. How to create an efficient IP scanner in Windows
      4. How to create an efficient IP scanner in Linux
        1. The concept of the Linux-based IP scanner
      5. nmap with Python
    2. What are the services running on the target machine?
      1. The concept of a port scanner
      2. How to create an efficient port scanner
    3. Summary
  8. Sniffing and Penetration Testing
    1. Introducing a network sniffer
      1. Passive sniffing
      2. Active sniffing
    2. Implementing a network sniffer using Python
      1. Format characters
    3. Learning about packet crafting
    4. Introducing ARP spoofing and implementing it using Python
      1. The ARP request
      2. The ARP reply
      3. The ARP cache
    5. Testing the security system using custom packet crafting 
      1. A half-open scan
      2. The FIN scan
      3. ACK flag scanning
    6. Summary
  9. Network Attacks and Prevention
    1. Technical requirements
    2. DHCP starvation attack
    3. The MAC flooding attack
      1. How the switch uses the CAM tables
      2. The MAC flood logic
    4. Gateway disassociation by RAW socket
    5. Torrent detection
      1. Running the program in hidden mode
    6. Summary
  10. Wireless Pentesting
    1. Introduction to 802.11 frames
    2. Wireless SSID finding and wireless traffic analysis with Python
      1. Detecting clients of an AP
      2. Wireless hidden SSID scanner
    3. Wireless attacks
      1. The deauthentication (deauth) attack
      2. Detecting the deauth attack
    4. Summary
  11. Honeypot – Building Traps for Attackers
    1. Technical requirements
    2. Fake ARP reply
    3. Fake ping reply
    4. Fake port-scanning reply
    5. Fake OS-signature reply to nmap
    6. Fake web server reply
    7. Summary 
  12. Foot Printing a Web Server and a Web Application
    1. The concept of foot printing a web server
    2. Introducing information gathering
      1. Checking the HTTP header
    3. Information gathering of a website from whois.domaintools.com 
    4. Email address gathering from a web page
    5. Banner grabbing of a website
    6. Hardening of a web server
    7. Summary
  13. Client-Side and DDoS Attacks
    1. Introducing client-side validation
    2. Tampering with the client-side parameter with Python
    3. Effects of parameter tampering on business
    4. Introducing DoS and DDoS
      1. Single IP, single ports
      2. Single IP, multiple port
      3. Multiple IP, multiple ports
      4. Detection of DDoS
    5. Summary
  14. Pentesting SQL and XSS
    1. Introducing the SQL injection attack
    2. Types of SQL injections
      1. Simple SQL injection
      2. Blind SQL injection
    3. Understanding the SQL injection attack by a Python script
    4. Learning about cross-site scripting
      1. Persistent or stored XSS
      2. Nonpersistent or reflected XSS
    5. Summary
  15. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think